How to setup Kubernetes Dashboard in EKS using NodePort?

How to setup Kubernetes Dashboard in EKS using NodePort?

Step 1: Deploy the Dashboard
# Deploy the Kubernetes dashboard to your cluster:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

# Deploy heapster to enable container cluster monitoring and performance analysis on your cluster:

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/heapster.yaml

# Deploy the influxdb backend for heapster to your cluster:

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/influxdb.yaml

# Create the heapster cluster role binding for the dashboard:

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml

Step 2: Create an eks-admin Service Account and Cluster Role Binding
# Create a file called eks-admin-service-account.yaml with the text below:

vi eks-admin-service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: eks-admin
  namespace: kube-system

$ kubectl apply -f eks-admin-service-account.yaml

vi eks-admin-cluster-role-binding.yaml

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: eks-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: eks-admin
  namespace: kube-system

$ kubectl apply -f eks-admin-cluster-role-binding.yaml

Step 3: Retrieve an authentication token 
Retrieve an authentication token for the eks-admin service account. Copy the <authentication_token> value from the output. You use this token to connect to the dashboard.

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}')

Step 4: Connect to the Dashboard Via Node Port
Retrieve an authentication token for the eks-admin service account. Copy the <authentication_token> value from the output. You use this token to connect to the dashboard.

$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}')
$ kubectl get pods --all-namespaces
$ kubectl get pods --namespace=kube-system
$ kubectl get svc --all-namespaces

$ kubectl edit svc/kubernetes-dashboard --namespace=kube-system
or
$ kubectl -n kube-system edit service kubernetes-dashboard
Just change "type: NodePort" only

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: 2018-07-27T10:22:50Z
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
  resourceVersion: "3288196"
  selfLink: /api/v1/namespaces/kube-system/services/kubernetes-dashboard
  uid: 03f2f747-9187-11e8-9432-02b761c0deac
spec:
  clusterIP: 10.100.194.75
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 30530
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}

$ kubectl describe pods kubernetes-dashboard-7d5dcdb6d9-mt9b9 --namespace=kube-system 
#Find which node is running and get a Port of SVC

$ kubectl get svc --all-namespaces
$ kubectl get pods --all-namespaces
$ kubectl describe pods kubernetes-dashboard-7d5dcdb6d9-h9dcb --namespace=kube-system

Step 5: Connect to the Dashboard Via ClustorIP and Proxy
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

https://10.16.39.28:30178/

 

IMPORTANT – Kubernetes Dashboard should be HTTPS

 

Tagged : / / / /

What is EKS and How EKS can help you?

In simple line, Amazon EKS is generally available, bringing fully-managed Kubernetes to AWS.

Amazon launched Amazon EKS in November at its re:Invent 2017 conference. Till the time this article is written, Amazon EKS is available in the US East (N. Virginia) and US West (Oregon) Regions only.

The cost of running EKS is $0.20 per hour for the EKS Control Plane, apart from EC2, EBS, and Load Balancing prices for resources that run in your account.

How does Amazon EKS work?

Amazon EKS works by provisioning (starting) and managing the Kubernetes control plane for you. At a high level, Kubernetes consists of two major components – a cluster of ‘worker nodes’ that run your containers and the control plane that manages when and where containers are started on your cluster and monitors their status.

Without Amazon EKS, you have to run both the Kubernetes control plane and the cluster of worker nodes yourself. With Amazon EKS, you provision your cluster of worker nodes using the provided Amazon Machine Image (AMI) and AWS CloudFormation script and AWS handles provisioning, scaling, and managing the Kubernetes control plane in a highly available and secure configuration. This removes a significant operational burden for running Kubernetes and allows you to focus on building your application instead of managing AWS infrastructure.

Major Features of Amazon Elastic Container Service for Kubernetes (EKS)
Amazon Elastic Container Service for Kubernetes (EKS) is a managed Kubernetes service that makes it easy for you to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane.

  1. Availability and Scalability of Nodes – Amazon EKS automatically manages the availability and scalability of the Kubernetes control plane nodes that are responsible for
    1. Starting and stopping containers,
    2. Scheduling containers on virtual machines,
    3. Storing cluster data, and other tasks.
  2. Health check of Nodes – Amazon EKS Automatically detects and replaces unhealthy control plane nodes for each cluster.
  3. Amazon EKS Integration – Great Integration with AWS networking and security services, such as Application Load Balancers for load distribution, IAM for role based access control, and VPC for pod networking.
  4. Managed Kubernetes Control Plane – Amazon EKS provides a scalable and highly-available control plane that runs across multiple AWS availability zones.
  5. Kubernetes Masters in three Availability Zones – Amazon EKS runs the Kubernetes control plane across three Availability Zones in order to ensure high availability, and it automatically detects and replaces unhealthy masters.
  6. Amazon EKS with IAM Authentication – Amazon EKS integrates Kubernetes RBAC (the native role based access control system for Kubernetes) with IAM authentication through a collaboration with Heptio. You can assign RBAC roles directly to each IAM entity allowing you to granularly control access permissions to your Kubernetes masters.
  7. Amazon EKS with VPC Support
    Your EKS clusters run in an Amazon VPC, allowing you to use your own VPC security groups and network ACLs. No compute resources are shared with other customers. This provides you a high level of isolation and helps you use Amazon EKS to build highly secure and reliable applications.
  8. Container Interface – EKS uses the Amazon VPC CNI to allow Kubernetes pods to receive IP addresses from the VPC means The Container Network Interface for Kubernetes uses Elastic Network Interfaces to provide secondary IP addresses for Kubernetes Pods.
  9. Amazon EKS Logging
    Amazon EKS is integrated with AWS CloudTrail to provide visibility and audit history of your cluster and user activity. You can use CloudTrail to view API calls to the Amazon EKS API.
  10. Amazon EKS with EBS – Kubernetes PersistentVolumes (used for cluster storage) are implemented as Amazon Elastic Block Store (EBS) volumes.
  11. Amazon EKS with Route 53 – The External DNS project allows services in Kubernetes clusters to be accessed via Route 53 DNS records. This simplifies service discovery and supports load balancing.
  12. Amazon EKS Support – Amazon EKS runs up-to-date versions of the open-source Kubernetes software, so you can use all the existing plugins and tooling from the Kubernetes community.

Reference
EKS Getting Started Guide
EKS Publication
EKS FAQ

Tagged : / / / / / /

Introduction of containers services at Amazon AWS

Here are the following Services which is offered by AWS at present which will help you to onboarding Containers on AWS platforms.

Amazon Elasitc Container Services (ECS)

Amazon Elasitc Container Services (ECS) was introduced in 2014. Amazon EC2 Container Service (ECS) is a cloud computing service in Amazon Web Services (AWS) that manages containers. It enables developers to deploy and manage scalable applications that run on groups of servers called clusters through application programming interface (API) calls and task definitions.

Amazon ECS is a scalable service that is accessible through the AWS Management Console and software developer’s kits (SDKs). It is comparable to Kubernetes, Docker Swarm, and Azure Container Service.

ECS runs your containers on a cluster of Amazon EC2 (Elastic Compute Cloud) virtual machine instances pre-installed with Docker. It handles installing containers, scaling, monitoring, and managing these instances through both an API and the AWS Management Console.

EC2 Container Service includes two schedulers, which enable users to deploy containers based on computing needs or availability requirements. Amazon ECS runs containers on top of EC2 instances, which provides isolation to help businesses achieve compliance

Amazon ECS competes with Kubernetes, Google’s open source container orchestration system. While the container management tools and use cases differ, Kubernetes has the following features that ECS does not:

  • It is deployable to non-AWS clouds and on-premises resources;
  • It has storage options outside AWS; and
  • It receives contributions from the developer community, while not all ECS code is publicly available.

Amazon Elastic Container Repository (ECR)

Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying your development to production workflow. Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure.

Amazon Elastic Kubernetes Services (EKS)

Amazon Elastic Kubernetes Services (EKS) was introduced by AWS in November 2017 at its re:Invent conference. Amazon Elastic Container Service for Kubernetes (Amazon EKS) makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS. Kubernetes control plane that is high availability, with three masters across three availability zones. This is something that used to be challenging to setup yourself. EKS is just running upstream Kubernetes so you can connect to it with kubectl just like a self managed Kubernetes.

Amazon Fargate

Amazon Fargate was introduced by AWS in November 2017 at its re:Invent conference.
AWS Fargate is a new service for running containers without needing to manage the underlying infrastructure.
AWS Fargate is a technology for Amazon ECS and EKS that allows you to run containers without having to manage servers or clusters. With AWS Fargate, you no longer have to provision, configure, and scale clusters of virtual machines to run containers.

Your control plane can just ask Fargate to run a container and Fargate takes care of all the details. Pricing is based on how much CPU and memory you reserve for the container to use, on a per second basis.

 

 

Tagged : / / / / / / / /